CN101276389B - Separation of logical trusted platform modules within a single physical trusted platform module - Google Patents
Separation of logical trusted platform modules within a single physical trusted platform module
- Publication number
- CN101276389B
- Authority
- CN
- China
- Prior art keywords
- root
- trust
- ordinal number
- equipment
- order
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
A device, method, and system are disclosed. In one embodiment, the device includes storage to contain more than one trust root, and logic to associate each command ordinal sent to the device with one of the trust roots.
Description
Technical field
The present invention relates to trusted platforms. More specifically, it relates to logical and physical trusted platform modules (TPMs).
Background
As more and more varied computer applications are developed, computer security problems have become more common. Problems such as viruses, worms, spyware and theft plague the community of computer users. In addition, as the Internet connects more people, secret information is disclosed more easily, which has aggravated security problems.
Many technology companies are promoting and contributing to the Trusted Computing Group, which develops, defines and promotes open standards for hardware-enabled trusted computing and security technologies. These technologies include hardware modules and software interfaces intended to work across multiple platforms. One major advance that is becoming increasingly successful is the Trusted Platform Module (TPM) and its set of standards. A TPM is a module designed to independently handle trust-based operations on a given computer system.
Each TPM has multiple built-in functions and the hardware to carry them out. A TPM may include an execution engine, program code, storage, registers, cryptographic algorithms, a key generator and other components. Details of the basics of the TPM are readily available from the Trusted Computing Group organization. The latest version of their TPM specification is revision 94 of March 2006.
As the TPM evolves over time, it becomes necessary to handle migration from hardware that uses one version of the TPM specification to hardware that can use the next version. A new version of the specification may require new encryption and hash algorithms, among other things. Maintaining backward compatibility for existing applications that use the original algorithms, while providing the new algorithms to new applications, is very important. Likewise, some computing environments, such as partitioned hardware platforms, may need two sets of algorithms, and therefore two sets of key data and configuration information.
Currently available TPM designs require one set of key data and configuration information in order to carry out trusted operations. In some embodiments, this key material and configuration information is known as a trust root. The current TPM architecture allows only one trust root per TPM.
Brief description of the drawings
The present invention is described by way of example and not limitation in the figures of the accompanying drawings, in which like reference numerals indicate similar elements, and in which:
Fig. 1 depicts an embodiment of a trusted platform module (TPM) device with multiple trust roots;
Fig. 2 depicts the current data stored in a TPM command ordinal, and the new repurposed data stored in that TPM command ordinal that is used to allow multiple logical TPMs;
Fig. 3 is a flow diagram of an embodiment of a process for storing multiple trust roots and associating them with command ordinals;
Fig. 4 is a flow diagram of an embodiment of a process for receiving a command ordinal and executing the command of that ordinal using the target trust root;
Fig. 5 is a block diagram of a computer system in which embodiments of the invention may be used.
Detailed description
Embodiments of a device, method and system for separating multiple logical trusted platform modules within a single physical trusted platform module are described. In the following description, numerous details are set forth. However, it will be appreciated that these embodiments may be practiced without these details. In other instances, well-known elements, specifications and protocols are not described in detail so as not to obscure the present invention.
Fig. 1 depicts an embodiment of a trusted platform module (TPM) device with multiple trust roots. In many embodiments, TPM 100 resides in a computer system to take part in carrying out trust-based operations. The basic design of TPM 100 has multiple internal components used to carry out trust-based computing operations. In various embodiments, TPM 100 includes an execution engine, program code to run on the execution engine, non-volatile storage, volatile storage, a group of platform configuration registers (PCRs), cryptographic algorithms/engines and a key generator. Most of the listed internal components are not shown in Fig. 1, but information on the general TPM architecture is readily available from the Trusted Computing Group or from the many TPM data sheets published by companies that manufacture TPMs.
TPM 100 in Fig. 1 includes TPM logic 102 and at least two trust roots, namely trust root 1 (104) and trust root 2 (106), stored in the storage of TPM 100. In some embodiments, the storage used for the trust roots may be non-volatile memory. In some embodiments, this non-volatile memory may be flash memory. In various embodiments, TPM logic 102 may include hardware, software or a combination of both. TPM logic 102 receives a command ordinal as input, also known as the 4-byte TPM_COMMAND_CODE operand. The command ordinal is an index pointing to a particular trusted computing operation stored in the TPM.
Turning briefly to Fig. 2, Fig. 2 depicts the current data contained in a TPM command ordinal, and the new repurposed data stored in the TPM command ordinal that is used to allow multiple logical TPMs. In one embodiment, the current data stored in the TPM command ordinal includes P (bit 31), which tells whether the command is protected. Next, T (bit 30) tells whether the command passes through the protected or the unprotected component. Next, V (bit 29) tells whether the command is TPM-defined or vendor-defined. Then come 5 reserved bits (bits 28-24). Next is an 8-bit Purview field (bits 23-16), originally designated to indicate which platform the command is assigned to. Different platforms may include desktop computers, mobile computers, personal digital assistants, servers and so on. Since the TPM specification was first established, this field has not been used. Finally, the 16-bit Ordinal Index field (bits 15-0) is an index pointer to the command to be executed in the TPM.
In many embodiments, the data stored in the new TPM command ordinal has been modified from the original version. The unused Purview field is repurposed as a Trust Root Index field. The trust root index contains an index pointer to one of the trust roots in the TPM.
Returning to Fig. 1, in one embodiment there are two trust roots, namely trust root 1 (104) and trust root 2 (106), stored in the TPM. In various embodiments, a trust root may include multiple different items of key material and other personalization and configuration information. Key material may include TPM owner information and TPM user information. In many embodiments, the trust root includes at least an Endorsement Key, a Storage Root Key and a uniqueness proof (tpmProof). In some embodiments, additional personalization and configuration information may include platform integrity information contained in one or more PCRs. In addition, attributes of objects in one or more of these trust roots may be stored in the trust root.
In many embodiments, the trust root contains trust-related information that allows trust to be maintained during instruction execution, data transfer and so on. The Endorsement Key relates to the cryptographic uniqueness inside the TPM. The Storage Root Key is a key that forms part of the root of trust for storage defined by the Trusted Computing Group. TpmProof refers to a nonce (random number) that each TPM maintains in order to authenticate data originating from the TPM to the owner of the TPM. In many other embodiments, multiple other trust-related keys may be included in the trust root.
Although Fig. 1 shows only one physical TPM in this embodiment, each trust root stored in the TPM allows the platform, and the users of the platform, to use the device as a separate and distinct logical TPM. Thus one physical TPM may contain multiple logical TPMs, each of which is associated with its own trust root stored in the physical TPM.
Each trust root is unique. Because Fig. 1 has two fully independent trust roots, each command ordinal received by TPM 100 needs to tell which trust root is to be used when the command is executed. For example, command ordinal 108 is received by TPM 100, and its ordinal index points to a command. In this specific example, the ordinal index points to the Extend command, but in other embodiments the ordinal index may point to any valid trusted computing operation stored in the TPM. The Purview field repurposed as the Trust Root Index field is set to 0 (0x00000000b). TPM logic 102 therefore receives command ordinal 108, determines that the value of the Purview/Trust Root Index field is 0, and executes the command using trust root 1 (that is, index 0 points to trust root 1).
Alternatively, TPM 100 receives command ordinal 110, whose ordinal index again points to the Extend command in this example. In command ordinal 110, however, the Purview/Trust Root Index field is set to 1 (0x00000001b). TPM logic 102 therefore receives command ordinal 110, determines that the value of the Purview/Trust Root Index field is 1, and executes the command using trust root 2 (that is, index 1 points to trust root 2). The Extend command is used purely as an example command; in many other embodiments, any TPM-based command can be executed against the logical TPM it targets.
Fig. 3 is a flow diagram of an embodiment of a process for storing multiple trust roots and associating them with command ordinals. The process is performed by processing logic, which may include hardware (circuitry, dedicated logic, etc.), software (for example, running on a general-purpose computer system or a dedicated machine) or a combination of both. Referring to Fig. 3, the process begins with the processing logic storing two or more trust roots in a single trusted platform module (processing block 300).
A trust root includes multiple keys and other trust data, so in some embodiments the trust root is generated through a hash function. Each item of data logged into the trust root (that is, the Endorsement Key, the Storage Root Key and so on) is extended through the hash function to generate a unique trust root. The trust root includes various information, some of it stored permanently and some of it stored temporarily. For example, the Endorsement Key is determined only once in the life of the TPM. TpmProof is determined only when the owner of the TPM changes. ContextNonce is a value used to allow items to be swapped into or out of the TPM; it is temporary. Additional temporary information (for example, the location of a command) may be stored in the trust root. Because part of the information located in the trust root is not permanent, the trust root information must be stored in rewritable storage. Non-volatile memory in the TPM can accomplish this task: it stores permanent information across repeated power-downs, and it can also store non-permanent information at each start-up.
The process continues with the processing logic associating each command ordinal sent to the trusted platform module with one of the stored trust roots (processing block 302), and the process then ends.
In many embodiments, command ordinals are sent to the TPM so that the TPM can carry out trust-based operations. A trust-based operation includes any command stored in the TPM. A list of commands can be found in the latest TPM specification issued by the Trusted Computing Group organization. As described for Fig. 2, the command ordinal includes a Purview/Trust Root Index and an Ordinal Index parameter. Further, in some embodiments, the processing logic may receive the command ordinal, parse the Purview/Trust Root Index and the Ordinal Index from it, and associate the command ordinal (and the parsed Ordinal Index value) with the trust root pointed to by the Purview/Trust Root Index value. The flow diagram in Fig. 4 shows this set of operations.
Fig. 4 is a flow diagram of an embodiment of a process for receiving a command ordinal and executing the command of that ordinal using the target trust root. The process is performed by processing logic, which may include hardware (circuitry, dedicated logic, etc.), software (for example, running on a general-purpose computer system or a dedicated machine) or a combination of both. Referring to Fig. 4, the process begins with the processing logic receiving a command ordinal sent to the trusted platform module (processing block 400). In one embodiment, the command ordinal is addressed to the TPM logic in the TPM.
Next, the processing logic (which in many embodiments is the TPM logic) examines the value in the Purview/Trust Root Index field of the command ordinal (as described with reference to Fig. 2) to determine which trust root is the target (processing block 402). In some embodiments, the processing logic parses the Purview/Trust Root Index value and the Ordinal Index value from the received command ordinal. Using the available Purview/Trust Root Index value and Ordinal Index value, the processing logic can look up the target trust root and the command object in the non-volatile storage and the program code, respectively.
The processing logic then executes the command pointed to by the value in the Ordinal Index field using the target trust root (processing block 404), and the process ends. In many embodiments, the trust information associated with the trust root (including key values and other configuration information) is needed in order to execute any TPM-based command in a trusted manner.
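The Fig. 2 ordinal layout and the Fig. 3/Fig. 4 dispatch process, as an added Python model that is not part of the patent: parse_command_ordinal splits the 32-bit TPM_COMMAND_CODE, the repurposed Purview field selects one of two TrustRoot objects held by a PhysicalTpm, and an Extend addressed to one logical TPM leaves the other's PCRs untouched. The Extend ordinal number 0x14, the PCR count and the SHA-1 extend rule are assumed from the TPM 1.2 specification (the page names Extend but gives no number); the key material is constructed sample data.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Fig. 2 layout of the 32-bit TPM_COMMAND_CODE: bit 31 P, bit 30 T, bit 29 V,
# bits 28-24 reserved, bits 23-16 Purview (repurposed as the Trust Root Index),
# bits 15-0 Ordinal Index.
BIT_P, BIT_T, BIT_V = 1 << 31, 1 << 30, 1 << 29
RESERVED_MASK = 0x1F << 24
TRUST_ROOT_SHIFT, TRUST_ROOT_MASK = 16, 0xFF
ORDINAL_MASK = 0xFFFF
# Ordinal index of the Extend command, assumed from the TPM 1.2 command list.
TPM_ORD_EXTEND = 0x14
PCR_SIZE, NUM_PCRS = 20, 24  # TPM 1.2: 24 PCRs, each holding one SHA-1 digest


@dataclass
class ParsedOrdinal:
    protected: bool        # P bit
    tpm_protected: bool    # T bit
    vendor_defined: bool   # V bit
    trust_root_index: int  # the former Purview field
    ordinal_index: int


def parse_command_ordinal(code: int) -> ParsedOrdinal:
    """Split a command ordinal into its fields, rejecting malformed values."""
    if not 0 <= code <= 0xFFFFFFFF:
        raise ValueError("command ordinal must fit in 32 bits")
    if code & RESERVED_MASK:
        raise ValueError("reserved bits 28-24 must be zero")
    return ParsedOrdinal(
        protected=bool(code & BIT_P),
        tpm_protected=bool(code & BIT_T),
        vendor_defined=bool(code & BIT_V),
        trust_root_index=(code >> TRUST_ROOT_SHIFT) & TRUST_ROOT_MASK,
        ordinal_index=code & ORDINAL_MASK,
    )


def build_command_ordinal(ordinal_index: int, trust_root_index: int,
                          protected: bool = False) -> int:
    """Inverse of parse_command_ordinal: how a host addresses one logical TPM."""
    if not (0 <= ordinal_index <= ORDINAL_MASK and 0 <= trust_root_index <= TRUST_ROOT_MASK):
        raise ValueError("field out of range")
    code = (trust_root_index << TRUST_ROOT_SHIFT) | ordinal_index
    return code | BIT_P if protected else code


def extend_digest(old: bytes, new: bytes) -> bytes:
    """TPM 1.2 extend rule: PCR := SHA-1(PCR || new)."""
    return hashlib.sha1(old + new).digest()


@dataclass
class TrustRoot:
    """Key material and state of one logical TPM (Fig. 1: EK, SRK, tpmProof, PCRs)."""
    endorsement_key: bytes
    storage_root_key: bytes
    tpm_proof: bytes
    pcrs: List[bytes] = field(default_factory=lambda: [bytes(PCR_SIZE)] * NUM_PCRS)

    def identity(self) -> bytes:
        """Unique trust-root value: hash each logged item in turn (Fig. 3, block 300)."""
        acc = bytes(PCR_SIZE)
        for item in (self.endorsement_key, self.storage_root_key, self.tpm_proof):
            acc = extend_digest(acc, item)
        return acc


class PhysicalTpm:
    """One physical TPM holding several trust roots (the TPM logic 102 of Fig. 1)."""
    def __init__(self, roots: List[TrustRoot]):
        if len(roots) < 2:
            raise ValueError("separate logical TPMs need at least two trust roots")
        self.roots = roots

    def dispatch(self, code: int, payload: bytes) -> bytes:
        """Fig. 4: receive the ordinal (400), pick the target root (402), execute (404)."""
        parsed = parse_command_ordinal(code)
        if parsed.trust_root_index >= len(self.roots):
            raise LookupError("trust root index names no stored root")
        handler = self.COMMANDS.get(parsed.ordinal_index)
        if handler is None:
            raise LookupError("unknown ordinal index")
        return handler(self, self.roots[parsed.trust_root_index], payload)

    def cmd_extend(self, root: TrustRoot, payload: bytes) -> bytes:
        # payload: 4-byte big-endian PCR number followed by a 20-byte digest
        pcr = int.from_bytes(payload[:4], "big")
        if len(payload) != 4 + PCR_SIZE or pcr >= NUM_PCRS:
            raise ValueError("bad Extend payload")
        root.pcrs[pcr] = extend_digest(root.pcrs[pcr], payload[4:])
        return root.pcrs[pcr]

    # command table keyed by ordinal index; only Extend is modelled here
    COMMANDS: Dict[int, Callable] = {TPM_ORD_EXTEND: cmd_extend}


def make_demo_tpm() -> PhysicalTpm:
    """Two trust roots with constructed, not real, key material."""
    return PhysicalTpm([TrustRoot(b"EK-1", b"SRK-1", b"tpmProof-1"),
                        TrustRoot(b"EK-2", b"SRK-2", b"tpmProof-2")])
```

Sending the same Extend payload with trust root index 0 and then index 1 (the patent's ordinals 108 and 110) updates PCR0 of each logical TPM independently; a reserved bit set or an index with no stored root is rejected before any root is touched.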
Fig. 5 is a block diagram of a computer system in which embodiments of the invention may be used. The computer system includes a processor-memory interconnect 500 for communicative coupling between the different agents (for example, processors, bridges, memory devices, etc.) on interconnect 500. Processor-memory interconnect 500 includes dedicated interconnect lines (not shown) for sending arbitration, address, data and control information. In one embodiment, central processing unit 502 is coupled to processor-memory interconnect 500. In another embodiment, multiple central processing units are coupled to the processor-memory interconnect (multiple processors are not shown in this figure).
Processor-memory interconnect 500 provides central processing unit 502 and other devices with access to system memory 504. A system memory controller controls access to system memory 504. In one embodiment, the system memory controller is located in chipset 506, which is coupled to processor-memory interconnect 500. In another embodiment, the system memory controller and central processing unit 502 are located on the same chip (not shown). Information, instructions and other data may be stored in system memory 504 for use by central processing unit 502 and many other possible devices.
I/O devices are coupled to chipset 506 through one or more I/O interconnects. For example, I/O device 508 is coupled to chipset 506 through I/O interconnect 510. In many embodiments, interconnect 510 is a point-to-point interconnect.
In many embodiments, TPM device 512 is coupled to chipset 506 through interconnect 514. In various embodiments, interconnect 514 may be a point-to-point interconnect, a broadcast-protocol interconnect, a Low Pin Count (LPC) interconnect or another valid interconnect. In other embodiments, TPM 512 may be internally coupled to chipset 506 and located inside chipset 506 (these embodiments are not shown). In other embodiments, TPM 512 may be located on an external I/O device, for example I/O device 508 (not shown). In many embodiments, TPM 512 manages trust for the computer system. TPM 512 includes internal storage for storing important information. In many embodiments, this storage includes non-volatile TPM storage 516. In many embodiments, non-volatile TPM storage 516 includes flash memory. In many embodiments, TPM 512 has internal logic that can be used to store multiple trust roots in the TPM storage in order to create multiple logical TPMs within single physical TPM 512. For example, in one embodiment, trust root 1 (518) and trust root 2 (520) are stored in the non-volatile TPM storage.
In many embodiments, command ordinals sent to TPM 512 from elsewhere in the computer system target a separate logical TPM stored in physical TPM 512 by carrying a trust root index pointer in the Purview/Trust Root Index value of each command ordinal. The logic in TPM 512 can then execute the TPM-based command pointed to by the Ordinal Index value of the command ordinal using the correct trust root (that is, the correct logical TPM).
Thus, embodiments of a device, method and system for separating multiple logical trusted platform modules within a single physical trusted platform module have been described. These embodiments have been described with reference to specific exemplary embodiments. It will be apparent to those skilled in the art having the benefit of this disclosure that various modifications and changes may be made to these embodiments without departing from the broader spirit and scope of the embodiments described herein. The specification and drawings are accordingly to be regarded as illustrative rather than restrictive.
Claims (20)
1. A device comprising:
a storage containing a plurality of trust roots; and
a logic circuit to associate each command ordinal sent to the device with one of said plurality of trust roots.
2. The device of claim 1, wherein said device is a trusted platform module (TPM) device.
3. The device of claim 2, wherein each command ordinal comprises:
an ordinal index pointing to a command; and
a purview value, wherein the purview value is repurposed to point to one of said plurality of trust roots.
4. The device of claim 3, wherein the repurposed purview value comprises a trust root index.
5. The device of claim 3, further comprising a logic circuit to:
receive each command ordinal sent to the device;
determine which trust root the command ordinal targets by examining said purview value; and
execute the command indexed by said ordinal index, wherein the target trust root is used during execution.
6. The device of claim 2, wherein each trust root comprises:
an endorsement key;
a storage root key;
a uniqueness proof; and
one or more items of additional key information and configuration information.
7. The device of claim 1, wherein said storage comprises non-volatile flash memory.
8. A method comprising:
storing a plurality of trust roots in a trusted platform module (TPM) device; and
associating each command ordinal sent to the device with one of said plurality of trust roots.
9. The method of claim 8, wherein each command ordinal comprises:
an ordinal index pointing to a command; and
a purview value, wherein the purview value is repurposed to point to one of said plurality of trust roots.
10. The method of claim 9, wherein the repurposed purview value comprises a trust root index.
11. The method of claim 9, further comprising:
receiving each command ordinal sent to said device;
determining which trust root the command ordinal targets by examining said purview value; and
executing the command indexed by said ordinal index using the target trust root.
12. The method of claim 8, wherein each trust root comprises:
an endorsement key;
a storage root key;
a uniqueness proof; and
one or more items of additional key information and configuration information.
13. The method of claim 8, wherein said plurality of trust roots is stored in a storage within said trusted platform module device, the storage comprising non-volatile flash memory.
14. A system comprising:
a first interconnect;
a processor coupled to the first interconnect;
a memory coupled to the first interconnect;
a second interconnect, wherein the second interconnect comprises a point-to-point interconnect;
a chipset coupled to the first and second interconnects; and
a device coupled to the chipset, the device comprising
a storage containing a plurality of trust roots; and
a logic circuit to associate each command ordinal sent to the device with one of said plurality of trust roots.
15. The system of claim 14, wherein said device is a trusted platform module (TPM) device.
16. The system of claim 15, wherein each command ordinal comprises:
an ordinal index pointing to a command; and
a purview value, wherein the purview value is repurposed to point to one of said plurality of trust roots.
17. The system of claim 16, wherein said device further comprises a logic circuit to:
receive each command ordinal sent to the device;
determine which trust root the command ordinal targets by examining said purview value; and
execute the command indexed by said ordinal index, wherein the target trust root is used during execution.
18. The system of claim 14, wherein each trust root comprises:
an endorsement key;
a storage root key;
a uniqueness proof; and
one or more items of additional key information and configuration information.
19. The system of claim 14, wherein said storage comprises non-volatile flash memory.
20. The system of claim 14, further comprising one or more additional processors coupled to said first interconnect.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US11/693,242 | 2007-03-29 | ||
US11/693,242 US20080244261A1 (en) | 2007-03-29 | 2007-03-29 | Separation of logical trusted platform modules within a single physical trusted platform module |
Publications (2)
Publication Number | Publication Date |
---|---|
CN101276389A CN101276389A (en) | 2008-10-01 |
CN101276389B true CN101276389B (en) | 2012-02-08 |
Family
ID=39580030
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2008100963846A Expired - Fee Related CN101276389B (en) | 2007-03-29 | 2008-03-28 | Separation of logical trusted platform modules within a single physical trusted platform module |
Country Status (5)
Country | Link |
---|---|
US (1) | US20080244261A1 (en) |
EP (1) | EP1975834B1 (en) |
CN (1) | CN101276389B (en) |
AT (1) | ATE545094T1 (en) |
TW (1) | TWI441038B (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2513793B1 (en) | 2009-12-15 | 2018-11-14 | Synopsys, Inc. | Method and system of runtime analysis |
JP5515766B2 (en) * | 2010-01-20 | 2014-06-11 | 富士通株式会社 | Information processing apparatus, hardware setting method of information processing apparatus, and program thereof |
US8812828B2 (en) * | 2010-11-16 | 2014-08-19 | Intel Corporation | Methods and apparatuses for recovering usage of trusted platform module |
US8494585B2 (en) | 2011-10-13 | 2013-07-23 | The Boeing Company | Portable communication devices with accessory functions and related methods |
CN102595213B (en) * | 2012-02-22 | 2014-10-29 | 深圳创维-Rgb电子有限公司 | Security certificate method and system of credible TV terminal |
US10064240B2 (en) | 2013-09-12 | 2018-08-28 | The Boeing Company | Mobile communication device and method of operating thereof |
US9819661B2 (en) | 2013-09-12 | 2017-11-14 | The Boeing Company | Method of authorizing an operation to be performed on a targeted computing device |
US9497221B2 (en) * | 2013-09-12 | 2016-11-15 | The Boeing Company | Mobile communication device and method of operating thereof |
US10432409B2 (en) | 2014-05-05 | 2019-10-01 | Analog Devices, Inc. | Authentication system and device including physical unclonable function and threshold cryptography |
CN106576046B (en) * | 2014-06-25 | 2020-09-15 | 美国亚德诺半导体公司 | System and apparatus for binding metadata with hardware-inherent properties |
US10142107B2 (en) | 2015-12-31 | 2018-11-27 | Microsoft Technology Licensing, Llc | Token binding using trust module protected keys |
US10958452B2 (en) | 2017-06-06 | 2021-03-23 | Analog Devices, Inc. | System and device including reconfigurable physical unclonable functions and threshold cryptography |
Family Cites Families (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7222062B2 (en) * | 2003-12-23 | 2007-05-22 | Intel Corporation | Method and system to support a trusted set of operational environments using emulated trusted hardware |
US7318150B2 (en) * | 2004-02-25 | 2008-01-08 | Intel Corporation | System and method to support platform firmware as a trusted process |
US7552419B2 (en) * | 2004-03-18 | 2009-06-23 | Intel Corporation | Sharing trusted hardware across multiple operational environments |
US7380119B2 (en) * | 2004-04-29 | 2008-05-27 | International Business Machines Corporation | Method and system for virtualization of trusted platform modules |
US7590867B2 (en) * | 2004-06-24 | 2009-09-15 | Intel Corporation | Method and apparatus for providing secure virtualization of a trusted platform module |
US7478246B2 (en) * | 2004-07-29 | 2009-01-13 | International Business Machines Corporation | Method for providing a scalable trusted platform module in a hypervisor environment |
US8037318B2 (en) * | 2004-11-17 | 2011-10-11 | Oracle America, Inc. | System and methods for dependent trust in a computer system |
US7836299B2 (en) * | 2005-03-15 | 2010-11-16 | Microsoft Corporation | Virtualization of software configuration registers of the TPM cryptographic processor |
US8549592B2 (en) * | 2005-07-12 | 2013-10-01 | International Business Machines Corporation | Establishing virtual endorsement credentials for dynamically generated endorsement keys in a trusted computing platform |
- 2007-03-29 US US11/693,242 patent/US20080244261A1/en not_active Abandoned
- 2008-03-19 TW TW097109614A patent/TWI441038B/en not_active IP Right Cessation
- 2008-03-20 EP EP08250992A patent/EP1975834B1/en not_active Not-in-force
- 2008-03-20 AT AT08250992T patent/ATE545094T1/en active
- 2008-03-28 CN CN2008100963846A patent/CN101276389B/en not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
TW200844790A (en) | 2008-11-16 |
US20080244261A1 (en) | 2008-10-02 |
EP1975834A3 (en) | 2009-01-14 |
TWI441038B (en) | 2014-06-11 |
CN101276389A (en) | 2008-10-01 |
EP1975834A2 (en) | 2008-10-01 |
EP1975834B1 (en) | 2012-02-08 |
ATE545094T1 (en) | 2012-02-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C14 | Grant of patent or utility model | ||
GR01 | Patent grant | ||
CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20120208; Termination date: 20160328 |